Bug#514138: audacity: buffer overflow

Steffen Joeris steffen.joeris at skolelinux.de
Wed Feb 4 21:53:28 UTC 2009


fixed 514138 1.3.6-1 
thanks

Hi Benjamin

On Wed, 4 Feb 2009 04:29:05 pm Benjamin Drung wrote:
> The upcoming audacity 1.3.7-1 does not crash if I open the generated
> file from [0]. According to the Gentoo bug tracker [1] audacity 1.3.6
> does not have this bug any more. You can find
> String_parse::get_nonspace_quoted in version 1.3.7 in
> lib-src/portsmf/strparse.cpp:
Thanks for your explanation, I think I should have been more precise. I 
somehow missed to set the fixed tag in the pseudo header, because this 
bugreport was meant for lenny/etch.
Either way, from what I can see lenny is still vulnerable and should be fixed 
before the release, if possible.


Cheers
Steffen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20090204/a6584b9b/attachment-0001.pgp 


More information about the pkg-multimedia-maintainers mailing list